3.1.10 One Time Events - Conference and Event Planning
Often forgotten about, conferences and event planning also involve vendors/suppliers and contracts. While the sharing of personally identifiable information is highly unlikely and no cyber-security needs to be evaluated, there are risks that need to be considered. An initial risk assessment does not need to be completed; however, the risks specific to the engagement need to be reviewed. These risks could include whether alcohol is being served, provisions if the event needs to be rescheduled or cancelled, and any special requirements of the venue or the speaker.
These do not need to be reviewed by Enterprise Architecture and Information Security UNLESS data will be shared with the vendor; in such cases, Info Sec needs to be consulted.
All contracts should be provided to Enterprise Services prior to execution for review. The same criteria for Legal review applies.
If the vendor/supplier is not a well-known entity, i.e. Marriott, Hyatt, Top Golf, etc., request a completed W-9 and have the TIN verified through Compliance.
A Contract Approval form should be completed and the contract needs to be signed by an officer.
Tracy
Tracy J. Wilson, PMP, FLMI, PCS
Enterprise Services Manager
Enterprise Services
Modern Woodmen of America
'
Modern Woodmen Email Disclaimer: This communication and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this communication in error, please immediately notify the sender by email or telephone and delete this communication from your system.
'